May 2015 News & Tips

WordPress Users Should Update Plugins Now!

Even the latest WordPress 4.2 is vulnerable, so users are warned. In particular the most recent bulletin notes that the XSS flaw is executed through comments and permits the attackers to execute arbitrary code, or, in effect, become the administrator.

A quick fix is to eliminate comments until a patch is released, and to avoid logging in as an administrator.

Multiple WordPress plugins may be vulnerable to the persistent cross-site scripting (XSS) flaw. A list of the known plugins is available here, but WordPress users have been urged to update all plugins now.

Cross-site Scripting allows an attacker to embed malicious content into a vulnerable page to gather data. The use of XSS can expose and compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the end-user systems.

**Note that because WordPress has particular security issues, SiteVision offers an update service on an as requested basis ($60) or as a monthly maintenance feature ($60 monthly, 1st month free). Just contact us.

SiteVision’s Daria Norris to Speak at National Development Conference

Daria, SiteVision’s Lead Technical Architect, has been invited to speak at this year’s dev.Objective() conference, May 12-15 in Bloomington, MN. The web-centric conference covers a wide variety of topics relating to software development and skills with content geared toward mid-to-advanced-level developers.

Norris will deliver two sessions. The first, Feed Your Beans: From Anemic to Domain Driven Modeling, will cover four model patterns, their pros and cons, common anti-patterns, business logic in beans, and domain driven modeling. The second session, FW/1 3.0: Simplify Your Workload, will focus on Framework One (FW\1) and Inject One (DI\1) and how to simplify development workload while providing best practices.

The conference session list typically includes topics by speakers from companies such as Google, Adobe, Mozilla, Netflix, and IBM.

Kudos to Daria!

VITA Renews Annual Service Contract With SiteVision & Adds Services

SiteVision will continue to serve as a provider for Hosting and Software as a Service (SaaS) for Virginia State Agencies, including all local government entities.

Vulnerability Scanning Added this year is a provision for Web Application Vulnerability Scanning. Application Vulnerability Scanning is a technique to identify and assess security risks before a possible or likely exploitation.

The process has become increasingly important as major intrusions escalate across all web stratifications.Virginia Agency and local government entities can contact SiteVision for consultation and pricing.

The Virginia Information Technologies Agency (VITA) administers the contract awards and renewals as part of Virginia’s electronic government services program (eGov).

Google in the News

Google Introduces “FI”

Google calls it a new way to say “hello.” Reviewers call it anything from a takedown of the big wireless providers, to a fairly underwhelming offering. But what seems to be consistent is “fi’s” potential to be a game changer.

So what is it? Google has confirmed plans to launch its own wireless service, Project Fi, which automatically switches between Wi-Fi and Wireless to give you the best possible coverage. Partnering with Google are T-Mobile and Sprint.

Fi comes with one plan at one price, Google says. For $20 a month, subscribers get the talk, text, visual voicemail, Wi-Fi tethering and international coverage. It’s $10 per gigabyte of data after that for cellular data while in the U.S. and abroad. In a nice twist, the plan refunds any data you don’t use.

In some studies, close to 30% of carrier paid-for data goes unused, suggesting consumers are considerably over-paying for unneeded data coverage.

Described as a “project,” Fi is by invitation only for the initial offering, and works only on Nexus devices.